trunk: updates from dan on 9 modules
parent
f65ca5f9b6
commit
8d2c34195e
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(logwatch,1.5.1)
|
policy_module(logwatch,1.5.2)
|
||||||
|
|
||||||
#################################
|
#################################
|
||||||
#
|
#
|
||||||
@ -29,7 +29,6 @@ allow logwatch_t self:capability { dac_override dac_read_search setgid };
|
|||||||
allow logwatch_t self:process signal;
|
allow logwatch_t self:process signal;
|
||||||
allow logwatch_t self:fifo_file rw_file_perms;
|
allow logwatch_t self:fifo_file rw_file_perms;
|
||||||
allow logwatch_t self:unix_stream_socket create_stream_socket_perms;
|
allow logwatch_t self:unix_stream_socket create_stream_socket_perms;
|
||||||
allow logwatch_t self:netlink_route_socket r_netlink_socket_perms;
|
|
||||||
|
|
||||||
manage_dirs_pattern(logwatch_t,logwatch_cache_t,logwatch_cache_t)
|
manage_dirs_pattern(logwatch_t,logwatch_cache_t,logwatch_cache_t)
|
||||||
manage_files_pattern(logwatch_t,logwatch_cache_t,logwatch_cache_t)
|
manage_files_pattern(logwatch_t,logwatch_cache_t,logwatch_cache_t)
|
||||||
@ -73,6 +72,9 @@ term_dontaudit_list_ptys(logwatch_t)
|
|||||||
|
|
||||||
auth_dontaudit_read_shadow(logwatch_t)
|
auth_dontaudit_read_shadow(logwatch_t)
|
||||||
|
|
||||||
|
init_read_utmp(logwatch_t)
|
||||||
|
init_dontaudit_write_utmp(logwatch_t)
|
||||||
|
|
||||||
libs_use_ld_so(logwatch_t)
|
libs_use_ld_so(logwatch_t)
|
||||||
libs_use_shared_libs(logwatch_t)
|
libs_use_shared_libs(logwatch_t)
|
||||||
libs_read_lib_files(logwatch_t)
|
libs_read_lib_files(logwatch_t)
|
||||||
@ -95,6 +97,10 @@ optional_policy(`
|
|||||||
apache_read_log(logwatch_t)
|
apache_read_log(logwatch_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
optional_policy(`
|
||||||
|
auth_use_nsswitch(logwatch_t)
|
||||||
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
avahi_dontaudit_search_pid(logwatch_t)
|
avahi_dontaudit_search_pid(logwatch_t)
|
||||||
')
|
')
|
||||||
@ -116,14 +122,6 @@ optional_policy(`
|
|||||||
mta_getattr_spool(logwatch_t)
|
mta_getattr_spool(logwatch_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
|
||||||
nis_use_ypbind(logwatch_t)
|
|
||||||
')
|
|
||||||
|
|
||||||
optional_policy(`
|
|
||||||
nscd_socket_use(logwatch_t)
|
|
||||||
')
|
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
ntp_domtrans(logwatch_t)
|
ntp_domtrans(logwatch_t)
|
||||||
')
|
')
|
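Review bot: `auth_use_nsswitch(logwatch_t)` is wrapped in `optional_policy` here, while the iptables section of this same commit calls `auth_use_nsswitch(iptables_t)` unconditionally; pick one form, and drop the wrapper if the auth module is always part of the base policy. The call replaces the narrower `netlink_route_socket`, `nis_use_ypbind` and `nscd_socket_use` grants, so it probably widens what logwatch_t may do for name lookups (the interface body is not visible on this page). The added `init_dontaudit_write_utmp(logwatch_t)` suppresses denials, so those write attempts will no longer appear in audit review. Both additions deserve a one-line comment stating why a log parser needs them, e.g. `# logwatch opens utmp read-write; only read is needed` if that is indeed the reason.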
||||||
|
@ -1,21 +1,11 @@
|
|||||||
|
|
||||||
policy_module(usernetctl,1.1.1)
|
policy_module(usernetctl,1.1.2)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
# Declarations
|
# Declarations
|
||||||
#
|
#
|
||||||
|
|
||||||
ifdef(`strict_policy',`
|
|
||||||
## <desc>
|
|
||||||
## <p>
|
|
||||||
## Allow users to control network interfaces
|
|
||||||
## (also needs USERCTL=true)
|
|
||||||
## </p>
|
|
||||||
## </desc>
|
|
||||||
gen_tunable(user_net_control,false)
|
|
||||||
')
|
|
||||||
|
|
||||||
type usernetctl_t;
|
type usernetctl_t;
|
||||||
type usernetctl_exec_t;
|
type usernetctl_exec_t;
|
||||||
application_domain(usernetctl_t,usernetctl_exec_t)
|
application_domain(usernetctl_t,usernetctl_exec_t)
|
||||||
|
@ -25,6 +25,7 @@ HOME_DIR/\.vmware[^/]*/.*\.cfg -- gen_context(system_u:object_r:ROLE_vmware_conf
|
|||||||
/usr/bin/vmware-smbd -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
|
/usr/bin/vmware-smbd -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
|
||||||
/usr/bin/vmware-smbpasswd -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
|
/usr/bin/vmware-smbpasswd -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
|
||||||
/usr/bin/vmware-smbpasswd\.bin -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
|
/usr/bin/vmware-smbpasswd\.bin -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
|
||||||
|
/usr/bin/vmware-vmx -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
|
||||||
/usr/bin/vmware-wizard -- gen_context(system_u:object_r:vmware_exec_t,s0)
|
/usr/bin/vmware-wizard -- gen_context(system_u:object_r:vmware_exec_t,s0)
|
||||||
/usr/bin/vmware -- gen_context(system_u:object_r:vmware_exec_t,s0)
|
/usr/bin/vmware -- gen_context(system_u:object_r:vmware_exec_t,s0)
|
||||||
|
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(vmware,1.2.0)
|
policy_module(vmware,1.2.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -56,6 +56,8 @@ corenet_raw_sendrecv_all_nodes(vmware_host_t)
|
|||||||
corenet_tcp_sendrecv_all_ports(vmware_host_t)
|
corenet_tcp_sendrecv_all_ports(vmware_host_t)
|
||||||
corenet_udp_sendrecv_all_ports(vmware_host_t)
|
corenet_udp_sendrecv_all_ports(vmware_host_t)
|
||||||
corenet_raw_bind_all_nodes(vmware_host_t)
|
corenet_raw_bind_all_nodes(vmware_host_t)
|
||||||
|
corenet_tcp_bind_all_nodes(vmware_host_t)
|
||||||
|
corenet_udp_bind_all_nodes(vmware_host_t)
|
||||||
corenet_tcp_connect_all_ports(vmware_host_t)
|
corenet_tcp_connect_all_ports(vmware_host_t)
|
||||||
corenet_sendrecv_all_client_packets(vmware_host_t)
|
corenet_sendrecv_all_client_packets(vmware_host_t)
|
||||||
corenet_sendrecv_all_server_packets(vmware_host_t)
|
corenet_sendrecv_all_server_packets(vmware_host_t)
|
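Review bot: The two added lines, `corenet_tcp_bind_all_nodes(vmware_host_t)` and `corenet_udp_bind_all_nodes(vmware_host_t)`, have no comment saying which VMware service needs to listen, and the surrounding context already grants vmware_host_t send/receive and connect on all ports. A node bind does not restrict the port, so it is worth confirming that the matching port-bind rules (outside this hunk) name specific port types rather than all ports. I would add a comment above the pair, for example `# <service> listens for <purpose>`, filled in from the denial that motivated the change.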
||||||
|
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(avahi,1.6.0)
|
policy_module(avahi,1.6.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -57,6 +57,7 @@ dev_read_urand(avahi_t)
|
|||||||
|
|
||||||
fs_getattr_all_fs(avahi_t)
|
fs_getattr_all_fs(avahi_t)
|
||||||
fs_search_auto_mountpoints(avahi_t)
|
fs_search_auto_mountpoints(avahi_t)
|
||||||
|
fs_list_inotifyfs(avahi_t)
|
||||||
|
|
||||||
domain_use_interactive_fds(avahi_t)
|
domain_use_interactive_fds(avahi_t)
|
||||||
|
|
||||||
|
@ -69,6 +69,24 @@ interface(`fstools_exec',`
|
|||||||
can_exec($1,fsadm_exec_t)
|
can_exec($1,fsadm_exec_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## Read fstools unnamed pipes.
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed access.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`fstools_read_pipes',`
|
||||||
|
gen_require(`
|
||||||
|
type fsdaemon_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
allow $1 fsdaemon_t:fifo_file read_fifo_file_perms;
|
||||||
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Relabel a file to the type used by the
|
## Relabel a file to the type used by the
|
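Review bot: The new `fstools_read_pipes` interface requires and grants access to `fsdaemon_t`, but every other rule visible for this module uses the fsadm types (`can_exec($1,fsadm_exec_t)` just above, `fsadm_t` throughout the .te section), and its summary says "Read fstools unnamed pipes". As written, a caller gets read access to the pipes of a different domain than the documentation promises. If fsdaemon_t is declared by another module, which the name suggests, the `gen_require` also adds a dependency on that module. If fstools pipes are intended, the two lines should read `type fsadm_t;` and `allow $1 fsadm_t:fifo_file read_fifo_file_perms;`. If fsdaemon_t is really meant, the interface belongs in the module that owns that type.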
||||||
|
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(fstools,1.7.0)
|
policy_module(fstools,1.7.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -69,6 +69,7 @@ files_getattr_boot_dirs(fsadm_t)
|
|||||||
|
|
||||||
dev_getattr_all_chr_files(fsadm_t)
|
dev_getattr_all_chr_files(fsadm_t)
|
||||||
dev_dontaudit_getattr_all_blk_files(fsadm_t)
|
dev_dontaudit_getattr_all_blk_files(fsadm_t)
|
||||||
|
dev_dontaudit_getattr_generic_files(fsadm_t)
|
||||||
# mkreiserfs and other programs need this for UUID
|
# mkreiserfs and other programs need this for UUID
|
||||||
dev_read_rand(fsadm_t)
|
dev_read_rand(fsadm_t)
|
||||||
dev_read_urand(fsadm_t)
|
dev_read_urand(fsadm_t)
|
||||||
@ -184,3 +185,7 @@ optional_policy(`
|
|||||||
fs_dontaudit_write_ramfs_pipes(fsadm_t)
|
fs_dontaudit_write_ramfs_pipes(fsadm_t)
|
||||||
rhgb_stub(fsadm_t)
|
rhgb_stub(fsadm_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
optional_policy(`
|
||||||
|
xen_append_log(fsadm_t)
|
||||||
|
')
|
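Review bot: `dev_dontaudit_getattr_generic_files(fsadm_t)` and the new `optional_policy` block with `xen_append_log(fsadm_t)` are added without a comment, unlike the neighbouring `dev_read_rand` line, which states its reason. A dontaudit rule hides denials from the audit log, so the reason should be recorded next to it, e.g. `# <tool> stats generic-labelled nodes in /dev; denial is harmless`. For `xen_append_log`, the comment should say whether fsadm_t opens the Xen log itself or only inherits an append descriptor from its caller (presumably the latter; confirm against the denial that prompted the rule).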
||||||
|
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(iptables,1.4.0)
|
policy_module(iptables,1.4.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -58,6 +58,8 @@ domain_use_interactive_fds(iptables_t)
|
|||||||
files_read_etc_files(iptables_t)
|
files_read_etc_files(iptables_t)
|
||||||
files_read_etc_runtime_files(iptables_t)
|
files_read_etc_runtime_files(iptables_t)
|
||||||
|
|
||||||
|
auth_use_nsswitch(iptables_t)
|
||||||
|
|
||||||
init_use_fds(iptables_t)
|
init_use_fds(iptables_t)
|
||||||
init_use_script_ptys(iptables_t)
|
init_use_script_ptys(iptables_t)
|
||||||
# to allow rules to be saved on reboot:
|
# to allow rules to be saved on reboot:
|
||||||
@ -102,10 +104,6 @@ optional_policy(`
|
|||||||
nis_use_ypbind(iptables_t)
|
nis_use_ypbind(iptables_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
|
||||||
nscd_socket_use(iptables_t)
|
|
||||||
')
|
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
ppp_dontaudit_use_fds(iptables_t)
|
ppp_dontaudit_use_fds(iptables_t)
|
||||||
')
|
')
|
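Review bot: `auth_use_nsswitch(iptables_t)` is now called unconditionally, yet the context of the last hunk still shows the `optional_policy` block with `nis_use_ypbind(iptables_t)`. In the logwatch section of this commit the equivalent NIS block was removed together with the nscd one. If auth_use_nsswitch already covers NIS lookups (its body is not on this page), the leftover block is redundant and should be dropped for consistency. A comment on the new line saying why the firewall loader needs name service access (presumably host or service names in rules) would help when auditing what iptables_t can reach over the network.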
||||||
|
@ -65,6 +65,7 @@ ifdef(`distro_redhat',`
|
|||||||
|
|
||||||
/var/lib/texmf(/.*)? gen_context(system_u:object_r:tetex_data_t,s0)
|
/var/lib/texmf(/.*)? gen_context(system_u:object_r:tetex_data_t,s0)
|
||||||
|
|
||||||
|
/var/cache/fontconfig(/.*)? gen_context(system_u:object_r:fonts_t,s0)
|
||||||
/var/cache/fonts(/.*)? gen_context(system_u:object_r:tetex_data_t,s0)
|
/var/cache/fonts(/.*)? gen_context(system_u:object_r:tetex_data_t,s0)
|
||||||
/var/cache/man(/.*)? gen_context(system_u:object_r:man_t,s0)
|
/var/cache/man(/.*)? gen_context(system_u:object_r:man_t,s0)
|
||||||
|
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(miscfiles,1.3.0)
|
policy_module(miscfiles,1.3.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
|